```html
<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Zookeeper ACL 访问控制详解</title>
    <link rel="stylesheet" href="https://cdn.staticfile.org/font-awesome/6.4.0/css/all.min.css">
    <link rel="stylesheet" href="https://cdn.staticfile.org/tailwindcss/2.2.19/tailwind.min.css">
    <link href="https://fonts.googleapis.com/css2?family=Noto+Serif+SC:wght@400;500;600;700&family=Noto+Sans+SC:wght@300;400;500;700&display=swap" rel="stylesheet">
    <script src="https://cdn.jsdelivr.net/npm/mermaid@latest/dist/mermaid.min.js"></script>
    <style>
        body {
            font-family: 'Noto Sans SC', Tahoma, Arial, Roboto, "Droid Sans", "Helvetica Neue", "Droid Sans Fallback", "Heiti SC", "Hiragino Sans GB", Simsun, sans-serif;
            background-color: #f8fafc;
            color: #1e293b;
            line-height: 1.6;
        }
        .hero {
            background: linear-gradient(135deg, #4f46e5 0%, #7c3aed 100%);
        }
        .card {
            transition: transform 0.3s ease, box-shadow 0.3s ease;
        }
        .card:hover {
            transform: translateY(-5px);
            box-shadow: 0 20px 25px -5px rgba(0, 0, 0, 0.1), 0 10px 10px -5px rgba(0, 0, 0, 0.04);
        }
        .code-block {
            font-family: 'Courier New', Courier, monospace;
            background-color: #1e293b;
            color: #f8fafc;
            border-radius: 0.5rem;
            overflow-x: auto;
        }
        .highlight {
            background-color: #fef3c7;
            padding: 0.2rem 0.4rem;
            border-radius: 0.25rem;
            font-weight: 500;
        }
        .divider {
            height: 1px;
            background: linear-gradient(90deg, transparent, rgba(0,0,0,0.1), transparent);
        }
        .tooltip {
            position: relative;
        }
        .tooltip-text {
            visibility: hidden;
            width: 200px;
            background-color: #1e293b;
            color: #fff;
            text-align: center;
            border-radius: 6px;
            padding: 5px;
            position: absolute;
            z-index: 1;
            bottom: 125%;
            left: 50%;
            transform: translateX(-50%);
            opacity: 0;
            transition: opacity 0.3s;
        }
        .tooltip:hover .tooltip-text {
            visibility: visible;
            opacity: 1;
        }
    </style>
</head>
<body>
    <!-- Hero Section -->
    <section class="hero text-white py-20 px-4 sm:px-6 lg:px-8">
        <div class="max-w-4xl mx-auto">
            <div class="flex flex-col items-center text-center">
                <div class="w-24 h-24 mb-6 bg-white rounded-full flex items-center justify-center">
                    <i class="fas fa-shield-alt text-4xl text-indigo-600"></i>
                </div>
                <h1 class="text-4xl md:text-5xl font-bold mb-4 font-serif">Zookeeper ACL</h1>
                <h2 class="text-xl md:text-2xl mb-6 opacity-90">访问控制列表安全机制详解</h2>
                <p class="text-lg max-w-2xl opacity-90 mb-8">
                    Zookeeper 的访问控制列表（ACL）是保障分布式系统安全的核心机制，通过精细的权限控制确保只有授权用户能够访问特定节点数据。
                </p>
                <div class="flex space-x-4">
                    <a href="#how-it-works" class="px-6 py-3 bg-white text-indigo-600 font-medium rounded-lg hover:bg-gray-100 transition duration-300">
                        <i class="fas fa-cogs mr-2"></i>工作原理
                    </a>
                    <a href="#configuration" class="px-6 py-3 bg-indigo-800 text-white font-medium rounded-lg hover:bg-indigo-900 transition duration-300">
                        <i class="fas fa-sliders-h mr-2"></i>配置指南
                    </a>
                </div>
            </div>
        </div>
    </section>

    <!-- Main Content -->
    <main class="max-w-4xl mx-auto px-4 sm:px-6 lg:px-8 py-16">
        <!-- How it works section -->
        <section id="how-it-works" class="mb-20">
            <div class="flex items-center mb-8">
                <div class="w-12 h-12 bg-indigo-100 rounded-full flex items-center justify-center mr-4">
                    <i class="fas fa-cogs text-indigo-600 text-xl"></i>
                </div>
                <h2 class="text-3xl font-bold font-serif">ACL 的工作原理</h2>
            </div>
            
            <div class="grid md:grid-cols-2 gap-8 mb-10">
                <div class="card bg-white p-6 rounded-xl shadow-md">
                    <div class="flex items-center mb-4">
                        <div class="w-10 h-10 bg-indigo-50 rounded-lg flex items-center justify-center mr-3">
                            <i class="fas fa-user-shield text-indigo-500"></i>
                        </div>
                        <h3 class="text-xl font-semibold">权限定义</h3>
                    </div>
                    <p class="text-gray-700">
                        ACL 定义了不同的权限类型，包括读取(<span class="highlight">READ</span>)、写入(<span class="highlight">WRITE</span>)、创建(<span class="highlight">CREATE</span>)、删除(<span class="highlight">DELETE</span>)和管理员(<span class="highlight">ADMIN</span>)。这些权限决定了客户端可以对节点执行的操作。
                    </p>
                </div>
                
                <div class="card bg-white p-6 rounded-xl shadow-md">
                    <div class="flex items-center mb-4">
                        <div class="w-10 h-10 bg-indigo-50 rounded-lg flex items-center justify-center mr-3">
                            <i class="fas fa-id-card text-indigo-500"></i>
                        </div>
                        <h3 class="text-xl font-semibold">授权标识</h3>
                    </div>
                    <p class="text-gray-700">
                        Zookeeper 支持多种授权标识类型：
                        <span class="highlight">world</span>（所有人）、
                        <span class="highlight">auth</span>（已认证用户）、
                        <span class="highlight">digest</span>（用户名/密码）、
                        <span class="highlight">x509</span>（证书）和
                        <span class="highlight">ip</span>（IP地址）。
                    </p>
                </div>
            </div>
            
            <div class="bg-white p-6 rounded-xl shadow-md mb-8">
                <h3 class="text-xl font-semibold mb-4 flex items-center">
                    <i class="fas fa-shield-alt text-indigo-500 mr-2"></i>访问控制流程
                </h3>
                <div class="mermaid">
                    graph TD
                        A[客户端请求操作] --> B{节点有ACL?}
                        B -->|是| C[验证客户端身份]
                        B -->|否| D[允许操作]
                        C --> E{身份匹配且权限足够?}
                        E -->|是| D
                        E -->|否| F[拒绝操作]
                </div>
            </div>
            
            <div class="bg-white p-6 rounded-xl shadow-md">
                <h3 class="text-xl font-semibold mb-4 flex items-center">
                    <i class="fas fa-lightbulb text-yellow-500 mr-2"></i>关键概念
                </h3>
                <div class="grid sm:grid-cols-2 gap-4">
                    <div class="p-4 bg-indigo-50 rounded-lg">
                        <h4 class="font-medium mb-2 flex items-center">
                            <i class="fas fa-universal-access text-indigo-600 mr-2"></i>World 模式
                        </h4>
                        <p class="text-sm text-gray-700">
                            默认权限模式，<span class="highlight">world:anyone</span> 表示任何人都可以访问节点，通常配合特定权限使用。
                        </p>
                    </div>
                    <div class="p-4 bg-indigo-50 rounded-lg">
                        <h4 class="font-medium mb-2 flex items-center">
                            <i class="fas fa-user-check text-indigo-600 mr-2"></i>Auth 模式
                        </h4>
                        <p class="text-sm text-gray-700">
                            只允许已认证的客户端访问，使用前需要先调用 <span class="highlight">addAuthInfo</span> 方法添加认证信息。
                        </p>
                    </div>
                    <div class="p-4 bg-indigo-50 rounded-lg">
                        <h4 class="font-medium mb-2 flex items-center">
                            <i class="fas fa-key text-indigo-600 mr-2"></i>Digest 认证
                        </h4>
                        <p class="text-sm text-gray-700">
                            基于用户名和密码的认证，密码以 <span class="highlight">SHA1</span> 加密后存储，格式为 <span class="highlight">user:base64(sha1(password))</span>。
                        </p>
                    </div>
                    <div class="p-4 bg-indigo-50 rounded-lg">
                        <h4 class="font-medium mb-2 flex items-center">
                            <i class="fas fa-network-wired text-indigo-600 mr-2"></i>IP 认证
                        </h4>
                        <p class="text-sm text-gray-700">
                            基于客户端 IP 地址的认证，格式为 <span class="highlight">ip:192.168.1.1</span>，可使用 CIDR 表示法 <span class="highlight">ip:192.168.1.0/24</span>。
                        </p>
                    </div>
                </div>
            </div>
        </section>
        
        <div class="divider my-12"></div>
        
        <!-- Configuration section -->
        <section id="configuration" class="mb-20">
            <div class="flex items-center mb-8">
                <div class="w-12 h-12 bg-indigo-100 rounded-full flex items-center justify-center mr-4">
                    <i class="fas fa-sliders-h text-indigo-600 text-xl"></i>
                </div>
                <h2 class="text-3xl font-bold font-serif">如何配置 Zookeeper 的权限控制</h2>
            </div>
            
            <div class="space-y-8">
                <div class="card bg-white p-6 rounded-xl shadow-md">
                    <div class="flex items-start mb-4">
                        <div class="w-10 h-10 bg-red-50 rounded-lg flex items-center justify-center mr-3 mt-1">
                            <i class="fas fa-plus-circle text-red-500"></i>
                        </div>
                        <div>
                            <h3 class="text-xl font-semibold">创建带 ACL 的节点</h3>
                            <p class="text-gray-700 mt-1">
                                在创建节点时直接指定 ACL 配置，使用 <span class="highlight">create</span> 命令。
                            </p>
                        </div>
                    </div>
                    <div class="code-block p-4 rounded-lg mt-4">
                        <pre><code class="text-white">create /path/to/node data "digest:user:password:admin"</code></pre>
                    </div>
                    <div class="mt-4 flex items-center text-sm text-gray-600">
                        <i class="fas fa-info-circle mr-2"></i>
                        <p>上面的命令使用 Digest 认证方式，赋予 <span class="font-medium">user</span> 用户 <span class="font-medium">admin</span> 权限</p>
                    </div>
                </div>
                
                <div class="card bg-white p-6 rounded-xl shadow-md">
                    <div class="flex items-start mb-4">
                        <div class="w-10 h-10 bg-blue-50 rounded-lg flex items-center justify-center mr-3 mt-1">
                            <i class="fas fa-edit text-blue-500"></i>
                        </div>
                        <div>
                            <h3 class="text-xl font-semibold">修改节点的 ACL</h3>
                            <p class="text-gray-700 mt-1">
                                使用 <span class="highlight">setAcl</span> 命令修改现有节点的 ACL 配置。
                            </p>
                        </div>
                    </div>
                    <div class="code-block p-4 rounded-lg mt-4">
                        <pre><code class="text-white">setAcl /path/to/node digest:user:password:read</code></pre>
                    </div>
                    <div class="mt-4 flex items-center text-sm text-gray-600">
                        <i class="fas fa-info-circle mr-2"></i>
                        <p>将节点 <span class="font-medium">/path/to/node</span> 的 ACL 设置为允许 <span class="font-medium">user</span> 用户以 <span class="font-medium">read</span> 权限访问</p>
                    </div>
                </div>
                
                <div class="card bg-white p-6 rounded-xl shadow-md">
                    <div class="flex items-start mb-4">
                        <div class="w-10 h-10 bg-green-50 rounded-lg flex items-center justify-center mr-3 mt-1">
                            <i class="fas fa-search text-green-500"></i>
                        </div>
                        <div>
                            <h3 class="text-xl font-semibold">查看节点的 ACL</h3>
                            <p class="text-gray-700 mt-1">
                                使用 <span class="highlight">getAcl</span> 命令查看节点的当前 ACL 配置。
                            </p>
                        </div>
                    </div>
                    <div class="code-block p-4 rounded-lg mt-4">
                        <pre><code class="text-white">getAcl /path/to/node</code></pre>
                    </div>
                </div>
            </div>
            
            <div class="mt-12">
                <h3 class="text-2xl font-semibold mb-6 flex items-center font-serif">
                    <i class="fas fa-list-ul text-indigo-500 mr-2"></i>常见 ACL 配置示例
                </h3>
                
                <div class="grid md:grid-cols-2 gap-6">
                    <div class="card bg-white p-6 rounded-xl shadow-md">
                        <h4 class="font-semibold text-lg mb-3 flex items-center">
                            <i class="fas fa-globe-americas text-blue-500 mr-2"></i>允许所有用户读取数据
                        </h4>
                        <div class="code-block p-4 rounded-lg">
                            <pre><code class="text-white">create /path/to/node data "world:anyone:read"</code></pre>
                        </div>
                        <div class="mt-3 flex items-start">
                            <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-blue-100 text-blue-800 mr-2 tooltip">
                                world
                                <span class="tooltip-text">代表所有用户</span>
                            </span>
                            <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-blue-100 text-blue-800 mr-2 tooltip">
                                anyone
                                <span class="tooltip-text">匿名访问</span>
                            </span>
                            <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-blue-100 text-blue-800 tooltip">
                                read
                                <span class="tooltip-text">仅读权限</span>
                            </span>
                        </div>
                    </div>
                    
                    <div class="card bg-white p-6 rounded-xl shadow-md">
                        <h4 class="font-semibold text-lg mb-3 flex items-center">
                            <i class="fas fa-user-lock text-purple-500 mr-2"></i>仅允许认证用户写入
                        </h4>
                        <div class="code-block p-4 rounded-lg">
                            <pre><code class="text-white">create /path/to/node data "auth:user:write"</code></pre>
                        </div>
                        <div class="mt-3 flex items-start">
                            <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-purple-100 text-purple-800 mr-2 tooltip">
                                auth
                                <span class="tooltip-text">需要认证</span>
                            </span>
                            <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-purple-100 text-purple-800 mr-2 tooltip">
                                user
                                <span class="tooltip-text">指定用户</span>
                            </span>
                            <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-purple-100 text-purple-800 tooltip">
                                write
                                <span class="tooltip-text">写入权限</span>
                            </span>
                        </div>
                    </div>
                    
                    <div class="card bg-white p-6 rounded-xl shadow-md">
                        <h4 class="font-semibold text-lg mb-3 flex items-center">
                            <i class="fas fa-user-tag text-green-500 mr-2"></i>Digest 认证管理员
                        </h4>
                        <div class="code-block p-4 rounded-lg">
                            <pre><code class="text-white">create /path/to/node data "digest:user:password:admin"</code></pre>
                        </div>
                        <div class="mt-3 flex items-start">
                            <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-green-100 text-green-800 mr-2 tooltip">
                                digest
                                <span class="tooltip-text">用户名/密码认证</span>
                            </span>
                            <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-green-100 text-green-800 mr-2 tooltip">
                                user:password
                                <span class="tooltip-text">认证信息</span>
                            </span>
                            <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-green-100 text-green-800 tooltip">
                                admin
                                <span class="tooltip-text">管理员权限</span>
                            </span>
                        </div>
                    </div>
                    
                    <div class="card bg-white p-6 rounded-xl shadow-md">
                        <h4 class="font-semibold text-lg mb-3 flex items-center">
                            <i class="fas fa-network-wired text-orange-500 mr-2"></i>IP 地址限制
                        </h4>
                        <div class="code-block p-4 rounded-lg">
                            <pre><code class="text-white">create /path/to/node data "ip:192.168.1.1:cdrwa"</code></pre>
                        </div>
                        <div class="mt-3 flex flex-wrap items-start">
                            <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-orange-100 text-orange-800 mr-2 mb-2 tooltip">
                                ip
                                <span class="tooltip-text">IP认证</span>
                            </span>
                            <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-orange-100 text-orange-800 mr-2 mb-2 tooltip">
                                192.168.1.1
                                <span class="tooltip-text">允许的IP地址</span>
                            </span>
                            <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-orange-100 text-orange-800 mr-2 mb-2 tooltip">
                                c
                                <span class="tooltip-text">CREATE</span>
                            </span>
                            <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-orange-100 text-orange-800 mr-2 mb-2 tooltip">
                                d
                                <span class="tooltip-text">DELETE</span>
                            </span>
                            <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-orange-100 text-orange-800 mr-2 mb-2 tooltip">
                                r
                                <span class="tooltip-text">READ</span>
                            </span>
                            <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-orange-100 text-orange-800 mr-2 mb-2 tooltip">
                                w
                                <span class="tooltip-text">WRITE</span>
                            </span>
                            <span class="inline-flex items-center px-2.5 py-0.5 rounded-full text-xs font-medium bg-orange-100 text-orange-800 mb-2 tooltip">
                                a
                                <span class="tooltip-text">ADMIN</span>
                            </span>
                        </div>
                    </div>
                </div>
            </div>
        </section>
        
        <!-- Summary Section -->
        <section class="bg-indigo-50 p-8 rounded-xl">
            <div class="max-w-3xl mx-auto text-center">
                <h3 class="text-2xl font-bold mb-4 font-serif">Zookeeper ACL 最佳实践</h3>
                <div class="grid md:grid-cols-3 gap-6 mb-6">
                    <div class="bg-white p-4 rounded-lg shadow-sm">
                        <i class="fas fa-user-secret text-indigo-500 text-2xl mb-3"></i>
                        <h4 class="font-semibold mb-2">最小权限原则</h4>
                        <p class="text-sm text-gray-700">
                            只授予必要的权限，避免使用 <span class="font-medium">world:anyone:cdrwa</span> 这样的宽松权限
                        </p>
                    </div>
                    <div class="bg-white p-4 rounded-lg shadow-sm">
                        <i class="fas fa-lock text-indigo-500 text-2xl mb-3"></i>
                        <h4 class="font-semibold mb-2">使用强认证方式</h4>
                        <p class="text-sm text-gray-700">
                            优先使用 <span class="font-medium">digest</span> 或 <span class="font-medium">x509</span> 认证，而不是简单的 IP 认证
                        </p>
                    </div>
                    <div class="bg-white p-4 rounded-lg shadow-sm">
                        <i class="fas fa-layer-group text-indigo-500 text-2xl mb-3"></i>
                        <h4 class="font-semibold mb-2">分层权限设计</h4>
                        <p class="text-sm text-gray-700">
                            根据节点层级设计不同的 ACL，敏感数据节点设置更严格的权限
                        </p>
                    </div>
                </div>
                <button class="px-6 py-3 bg-indigo-600 text-white rounded-lg hover:bg-indigo-700 transition duration-300">
                    <i class="fas fa-book mr-2"></i>了解更多安全实践
                </button>
            </div>
        </section>
    </main>
    
    <!-- Footer -->
    <footer class="bg-gray-900 text-gray-300 py-12">
        <div class="max-w-4xl mx-auto px-4 sm:px-6 lg:px-8 text-center">
            <div class="flex justify-center space-x-6 mb-6">
                <a href="#" class="text-gray-400 hover:text-white transition duration-300">
                    <i class="fab fa-github text-xl"></i>
                </a>
                <a href="#" class="text-gray-400 hover:text-white transition duration-300">
                    <i class="fab fa-twitter text-xl"></i>
                </a>
                <a href="#" class="text-gray-400 hover:text-white transition duration-300">
                    <i class="fab fa-linkedin text-xl"></i>
                </a>
            </div>
            <p class="text-sm mb-2">技术小馆</p>
            <a href="http://www.yuque.com/jtostring" class="text-indigo-400 hover:text-indigo-300 text-sm transition duration-300">
                http://www.yuque.com/jtostring
            </a>
            <p class="text-xs text-gray-500 mt-6">© 2023 技术小馆. All rights reserved.</p>
        </div>
    </footer>

    <script>
        mermaid.initialize({
            startOnLoad: true,
            theme: 'dark',
            flowchart: {
                useMaxWidth: false,
                htmlLabels: true,
                curve: 'basis'
            }
        });
        
        // 平滑滚动
        document.querySelectorAll('a[href^="#"]').forEach(anchor => {
            anchor.addEventListener('click', function (e) {
                e.preventDefault();
                document.querySelector(this.getAttribute('href')).scrollIntoView({
                    behavior: 'smooth'
                });
            });
        });
    </script>
</body>
</html>
```